
I've also got Gray Pigeon (灰鸽子) and can't clean it off, please take a look

I'm also infected and can't clean it off. Every time, before I log in, a scan with Rising finds an infection:
a file svchast_hook.dll in the Windows directory is infected with Backdoor.Gpigeon.uwd, and after I delete it, it reappears on its own.



Logfile of HijackThis v1.99.1 (zww Chinese localized build)
Scan saved at 13:52:46, on 2006-2-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
c:\Program Files\Ahead\InCD\InCDsrv.exe
e:\program files\rising\rfw\rfwsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\WINDOWS\system32\sesinetd.exe
D:\WINDOWS\system32\hserver.exe
D:\Program Files\SpeedSix\bin\JawsService.exe
D:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Pixar\license-3.0\lmgrd.exe
E:\Program Files\Pixar\license-3.0\pixard.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\nutsrv4.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\Explorer.EXE
e:\program files\rising\rfw\RfwMain.exe
D:\Program Files\Analog Devices\SoundMAX\Smtray.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Rising\Rav\RavTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
E:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
D:\Program Files\Rising\Rav\Ravmond.exe
D:\Program Files\Rising\Rav\RavStub.exe
D:\Program Files\Rising\Rav\RAVMON.EXE
D:\WINDOWS\system32\conime.exe
D:\Program Files\Rising\Rav\Rav.exe
D:\Program Files\Internet Explorer\iexplore.exe
E:\HiackThis\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - (no file)
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe
O1 - Hosts: 145.97.39.132 en.wikipedia.org
O1 - Hosts: 145.97.39.132 zh.wikipedia.org
O1 - Hosts: 145.97.39.132 jp.wikipedia.org
O1 - Hosts: 145.97.39.132 upload.wikimedia.org
O2 - BHO: (no name) - RsAutorunsDisabled - (no file)
O2 - BHO: (no name) - RsAutorunsDisabled? - (no file)
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D}? - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}? - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA}? - (no file)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03}? - (no file)
O2 - BHO: (no name) - {15DDE989-CD45-4561-BF99-D22C0D5C2B74}? - (no file)
O2 - BHO: (no name) - {3E422F49-1566-40D3-B43D-077EF739AC32}? - (no file)
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2}? - (no file)
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O2 - BHO: (no name) - {66C28884-4E5D-494B-80C9-CAA27528FD6D}? - (no file)
O2 - BHO: (no name) - {6E28339B-7A2A-47B6-AEB2-46BA53782379}? - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}? - (no file)
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - E:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B}? - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7}? - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910}? - (no file)
O2 - BHO: (no name) - {B1D147E7-873E-4909-8127-695D9BB78728}? - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA}? - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F}? - (no file)
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86}? - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3}? - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93}? - (no file)
O3 - Toolbar: (no name) - {56A7DC70-E102-4408-A34A-AE06FEF01586}? - (no file)
O3 - Toolbar: Kaka Internet Security Assistant (卡卡上网安全助手) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - D:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [Smapp] D:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] D:\NUTC\bin\ncoeenv.exe
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RfwMain] "e:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 D:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 金山词霸 2005.lnk = E:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek 扫描仪探测器.lnk = E:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYCN
O8 - Extra context menu item: Upload to QQ Network Disk - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to QQ custom panel - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Send this image via QQ MMS - E:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - RsAutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}? - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}? - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Sina UC (新浪UC) - {2253922F-1B26-4C74-8B57-E3AEE748DBB8}? - E:\Program Files\sina\UC\UC.exe
O9 - Extra button: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C}? - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C}? - D:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: 网际飞音 - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385}? - E:\Program Files\Donor\donor.exe
O9 - Extra 'Tools' menuitem: 网际飞音(&D) - {8E4E4123-AAC7-42CA-AF1B-68CE70B8D385}? - E:\Program Files\Donor\donor.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}? - (no file)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ Colorful Toolbar Settings (QQ炫彩工具条设置) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - E:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Sina DianDianTong (新浪点点通) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D}? - E:\PROGRA~1\sina\UC\UCddt\DDTONG~1.DLL
O9 - Extra button: (no name) - {974AD624-EA50-4831-A6C0-3040F6665396} - E:\PROGRA~1\sina\UC\UCddt\rssband.dll (HKCU)
O9 - Extra 'Tools' menuitem: Sina DianDianTong Reader (新浪点点通阅读器) - {974AD624-EA50-4831-A6C0-3040F6665396} - E:\PROGRA~1\sina\UC\UCddt\rssband.dll (HKCU)
O9 - Extra button: Sina DianDianTong Reader (新浪点点通阅读器) - {F0646DC8-58CD-4C64-8F6B-525043914685} - E:\PROGRA~1\sina\UC\UCddt\rssband.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1FAE2BD-DF80-4B5E-9C5C-CA55DBAA9C34}: NameServer = 202.98.161.68 202.98.160.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: System Safety Monitor - D:\WINDOWS\SYSTEM32\SSMWinlogonEx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXlm License Manager - Macrovision Corporation - D:\Program Files\Common Files\Alias Shared\licensing\etc\lmgrd.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - D:\WINDOWS\system32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - D:\WINDOWS\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - c:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jaws Service (JawsService.exe) - SpeedSix Software Ltd. - D:\Program Files\SpeedSix\bin\JawsService.exe
O23 - Service: maya6 - Macrovision Corporation - D:\Program Files\Common Files\Alias Shared\licensing\etc\lmgrd.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - D:\WINDOWS\system32\nutsrv4.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pixar License Server - Macrovision Corporation - E:\Program Files\Pixar\license-3.0\lmgrd.exe
O23 - Service: RaySat Server (RaySatServer) - Unknown owner - C:\Program Files\Alias\mentalraysatellite3.4\bin\raysatserver.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Distributed Link Tracking Clie (TrKwe) - Unknown owner - D:\WINDOWS\svchast.exe

Fix these entries:
R3 - URLSearchHook: (no name) - {0A00D11E-B1E7-44b5-AD88-C9190876AAC4} - (no file)
O1 - Hosts: 145.97.39.132 en.wikipedia.org
O1 - Hosts: 145.97.39.132 zh.wikipedia.org
O1 - Hosts: 145.97.39.132 jp.wikipedia.org
O1 - Hosts: 145.97.39.132 upload.wikimedia.org
O2 - BHO: (no name) - RsAutorunsDisabled - (no file)
O2 - BHO: (no name) - RsAutorunsDisabled? - (no file)
O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D}? - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}? - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA}? - (no file)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03}? - (no file)
O2 - BHO: (no name) - {15DDE989-CD45-4561-BF99-D22C0D5C2B74}? - (no file)
O2 - BHO: (no name) - {3E422F49-1566-40D3-B43D-077EF739AC32}? - (no file)
O2 - BHO: Link Filter - {4022F902-ABC7-4C79-924F-BB26F1D355A2}? - (no file)
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O2 - BHO: (no name) - {66C28884-4E5D-494B-80C9-CAA27528FD6D}? - (no file)
O2 - BHO: (no name) - {6E28339B-7A2A-47B6-AEB2-46BA53782379}? - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}? - (no file)
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B}? - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7}? - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910}? - (no file)
O2 - BHO: (no name) - {B1D147E7-873E-4909-8127-695D9BB78728}? - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA}? - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F}? - (no file)
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86}? - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3}? - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93}? - (no file)
O3 - Toolbar: (no name) - {56A7DC70-E102-4408-A34A-AE06FEF01586}? - (no file)
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O23 - Service: Distributed Link Tracking Clie (TrKwe) - Unknown owner - D:\WINDOWS\svchast.exe
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 D:\PROGRA~1\UNINST~1.DLL,O -2

Delete D:\WINDOWS\svchast.exe
D:\Program Files\UNINST~1.DLL

Search the hard disk for svchast_hook.dll
svchast.dll
svchastkey.dll
and delete every copy you find.
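The log and the fix above isolate the persistence by hand: an O23 service whose display name imitates the built-in Distributed Link Tracking Client but whose short name (TrKwe) and binary (D:\WINDOWS\svchast.exe, a near-miss of svchost.exe, sitting in the Windows root rather than system32) do not match, a RunOnce entry that has rundll32 load a DLL from outside the Windows tree, and hosts-file overrides. The script below is an added example, not code from this thread or from HijackThis. It triages a constructed excerpt of the posted log (English HijackThis labels) with heuristics that are this example's own assumptions (the lookalike list, the small table of built-in service names, the 'Unknown owner' and Windows-root checks) and then prints the commands a responder would run from an administrative cmd.exe to do what the fix post describes: stop and delete the service before removing its binary, then sweep the drive for companion DLLs carrying the same name. Hosts entries are only listed for review, since the thread does not establish whether they were placed by the user or by the malware.

```python
"""Triage a HijackThis log for the persistence pattern discussed in this thread.

Added example, not code from the forum posts or from HijackThis itself. The
heuristics are this example's own assumptions, written for illustration.
"""
import re
from difflib import SequenceMatcher
from pathlib import PureWindowsPath

# Constructed excerpt of the log posted above, with English HijackThis labels.
SAMPLE_LOG = r"""
O1 - Hosts: 145.97.39.132 en.wikipedia.org
O1 - Hosts: 145.97.39.132 upload.wikimedia.org
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 D:\PROGRA~1\UNINST~1.DLL,O -2
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Distributed Link Tracking Clie (TrKwe) - Unknown owner - D:\WINDOWS\svchast.exe
"""

# Process names that malware likes to imitate (assumed short list).
SYSTEM_BINARIES = {"svchost", "lsass", "winlogon", "csrss", "smss", "services", "spoolsv", "explorer"}
# Display name -> canonical short name for a few built-in XP services (assumed small table).
BUILTIN_SERVICES = {
    "Distributed Link Tracking Client": "TrkWks",
    "Print Spooler": "Spooler",
    "Remote Procedure Call (RPC)": "RpcSs",
}

O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<label>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")


def lookalike(stem: str):
    """Return the system binary that `stem` imitates (svchast -> svchost); None if exact or unrelated."""
    stem = stem.lower()
    for known in sorted(SYSTEM_BINARIES):
        if stem != known and SequenceMatcher(None, stem, known).ratio() >= 0.8:
            return known
    return None


def check_service(m) -> list:
    """Reasons an O23 entry deserves a look; an empty list means nothing stood out."""
    reasons = []
    path = PureWindowsPath(m["path"].strip().strip('"'))
    if m["owner"].strip().lower() == "unknown owner":
        reasons.append("binary carries no company name (Unknown owner)")
    if known := lookalike(path.stem):
        reasons.append(f"{path.name} is a near-miss of the system binary {known}.exe")
    if path.parent.name.lower() == "windows":
        reasons.append("binary sits directly in the Windows directory instead of system32")
    display = m["display"].strip().lower()
    for builtin, canonical in BUILTIN_SERVICES.items():
        # HijackThis truncates long display names, so compare on prefix.
        if (len(display) >= 8 and builtin.lower().startswith(display)
                and (m["name"] or "").lower() != canonical.lower()):
            reasons.append(f"display name mimics built-in '{builtin}' but short name is "
                           f"{m['name']}, not {canonical}")
    return reasons


def check_run(m) -> list:
    """Flag O4 entries where rundll32 loads a DLL that lives outside the Windows tree."""
    exe, _, rest = m["cmd"].strip().partition(" ")
    if PureWindowsPath(exe.strip('"')).stem.lower() != "rundll32":
        return []
    dll = PureWindowsPath(rest.strip().strip('"').split(",", 1)[0])
    if not any(part.lower() == "windows" for part in dll.parts):
        return [f"rundll32 loads {dll.name} from {dll.parent}, outside the Windows tree"]
    return []


def triage(log_text: str) -> list:
    """Return findings as dicts with section, subject and reasons (services also carry name and path)."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O23_RE.match(line):
            if reasons := check_service(m):
                findings.append({"section": "O23", "subject": m["name"] or m["display"],
                                 "name": m["name"], "path": m["path"].strip().strip('"'),
                                 "reasons": reasons})
        elif m := O4_RE.match(line):
            if reasons := check_run(m):
                findings.append({"section": "O4", "subject": m["label"], "reasons": reasons})
        elif m := O1_RE.match(line):
            # Hosts overrides are listed for review, not condemned: they may be deliberate.
            findings.append({"section": "O1", "subject": m["host"],
                             "reasons": [f"resolves to {m['ip']} via the hosts file, bypassing DNS"]})
    return findings


def remediation_plan(findings) -> list:
    """Commands for an admin cmd.exe: stop and delete the service before removing its binary,
    then sweep the drive for companion DLLs sharing the binary's name (as the fix post advises)."""
    cmds = []
    for f in findings:
        if f["section"] == "O23" and f.get("name"):
            path = PureWindowsPath(f["path"])
            cmds += [f"sc stop {f['name']}", f"sc delete {f['name']}", f'del "{path}"',
                     f"dir /s /b {path.drive}\\*{path.stem}*.dll"]
    return cmds


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for f in findings:
        print(f"[{f['section']}] {f['subject']}")
        for reason in f["reasons"]:
            print("    -", reason)
    print("\n".join(remediation_plan(findings)))
```

Saved as, say, hjt_triage.py (a hypothetical name) and run with a full log pasted into SAMPLE_LOG, it reports the TrKwe service on four counts and leaves NVSvc and NvCplDaemon alone. The order of the generated commands matters: deleting svchast.exe while its service is still running is exactly why the file "reappears on its own" in the first post.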
I'd recommend cleaning it by hand.
O23 - Service: Distributed Link Tracking Clie (TrKwe) - Unknown owner - D:\WINDOWS\svchast.exe
I just reinstall the system whenever something's off; I've never been afraid of viruses.
I don't believe any virus can survive my repartitioning! (BIOS viruses excepted)